From 34ea020344ef5f2ea8ffce78c7e1abd6436b21ec Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 29 Jul 2024 11:54:15 +0200
Subject: [PATCH] glamor: Fix possible double-free

If glamor_link_glsl_prog() fails, we may jump to the failed code path
which frees the variable vs_prog_string and fs_prog_string.

But those variables were already freed just before, so in that case we
end up freeing the memory twice.

Simply move the free at the end of the success code path so we are sure
to free the values only once, either in the successful of failed code
paths.

Fixes: 2906ee5e4 - glamor: Fix leak in glamor_build_program()
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1629>
---
 glamor/glamor_program.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/glamor/glamor_program.c b/glamor/glamor_program.c
index 21f8987d9..a02584fad 100644
--- a/glamor/glamor_program.c
+++ b/glamor/glamor_program.c
@@ -359,8 +359,6 @@ glamor_build_program(ScreenPtr          screen,
 
     vs_prog = glamor_compile_glsl_prog(GL_VERTEX_SHADER, vs_prog_string);
     fs_prog = glamor_compile_glsl_prog(GL_FRAGMENT_SHADER, fs_prog_string);
-    free(vs_prog_string);
-    free(fs_prog_string);
     glAttachShader(prog->prog, vs_prog);
     glDeleteShader(vs_prog);
     glAttachShader(prog->prog, fs_prog);
@@ -394,6 +392,8 @@ glamor_build_program(ScreenPtr          screen,
     prog->atlas_uniform = glamor_get_uniform(prog, glamor_program_location_atlas, "atlas");
 
     free(version_string);
+    free(vs_prog_string);
+    free(fs_prog_string);
     free(fs_vars);
     free(vs_vars);
     return TRUE;